Upcoming Events

The Tor Project today released the first stable release of Tor Browser 7.0 (the previous version was 6.5.2). You can download the latest version, which includes many security and performance improvements, from the project page and the distribution directory.

Tor offers anonymous communication by directing internet traffic through a free, worldwide, volunteer network consisting of more than 7,000 relays. The goal is to conceal users’ location and usage from anyone conducting network surveillance or traffic analysis.

The Tor Browser, which automatically starts Tor background processes and routes traffic through the Tor network, is built on top of Mozilla’s Firefox Extended Support Release (ESR), a version designed for schools, universities, businesses, and others who need help with mass deployments. Firefox ESR releases are maintained for one year. In addition to the Tor proxy, Tor Browser includes the TorButton, TorLauncher, NoScript, and HTTPS Everywhere Firefox extensions.

The 7.0 release brings Tor Browser up to date with Firefox 52 ESR. This brings two major features: multiprocess mode and content sandbox. Both are enabled by default on macOS and Linux, while the Tor team is still working on the sandboxing part for Windows. Mac and Linux users also have the option to further harden their Tor Browser setup by using only Unix domain sockets for communication with Tor.

Switching to ESR 52 also brings new system requirements for Windows and macOS users. On Windows, Tor Browser 7.0 will not run on non-SSE2 capable machines, while for Macs, Tor Browser 7.0 requires OS X 10.9 or higher.

There are also tracking and fingerprinting resistance improvements. Cookies, view-source requests, and the Permissions API are now isolated to the first party URL bar domain to enhance tracking-related defenses. On the fingerprinting side, several new features were disabled or patched, including WebGL2; the WebAudio, Social, SpeechSynthesis, and Touch APIs; and the MediaError.message property. Other changes include updating HTTPS-Everywhere to version 5.2.17 and NoScript to version 5.0.5.